The number of people using computers, as well as the number of tasks computers are used to perform, is continually increasing. The Internet is one example of such an increase: more and more people are communicating with one another, researching information, and purchasing goods and services over the Internet. However, accompanying this increasing usage of computers and the Internet is an increasing concern about user privacy, including concerns that individuals' purchasing and researching (or “web surfing”) behavior is being monitored by others.
A user can connect to the Internet at any time of day or night and purchase electronic content that is immediately transferred to his or her computer (a process referred to as “downloading”). Examples of such content include music (e.g., MP3 compressed audio files), text (e.g., electronic books), software applications, etc. When electronic content is obtained over the Internet, the seller or other provider of such content often desires some assurances regarding the security of the device requesting the content (e.g., the user's computer). Such assurances indicate to the seller/provider that the electronic content obtained will not be used inappropriately. One example is an assurance that music files transferred to the device will not be improperly copied to another device.
Most users are willing to abide by such “proper usage” requirements for the content they download. However, many are unwilling to forgo any personal privacy in order to do so. For example, many users would be willing to accept a mechanism that gave the seller/provider the desired assurances regarding the security of their computer (or other device), but do not want their identity revealed in order to do so.
One way in which these assurances can be made to the seller/provider is for the requesting device to authenticate itself to the seller/provider. Such authentication typically involves the requesting device identifying itself to the seller/provider, either directly or indirectly via the authentication mechanism. This identification, however, can also allow the user's behavior to be tracked. For example, if a user continually uses the same public key for public key encryption when obtaining electronic content, then the user can be tracked using that key. Because such mechanisms allow users to be tracked, they are unlikely to achieve widespread user acceptance.
The invention described below addresses these disadvantages by providing controlled-content recoverable blinded certificates.